AI - The Security Professional's next Maginot Line (Part 1)

Share

This first article is intended to bring a wider and hopefully more strategic perspective to ongoing discussions around LLMs and AI. It is intentionally written as a strategic essay and neither claims to be a research paper, or otherwise to be scientific.

The concepts discussed throughout are intended as frameworks for thinking about emerging organizational risks associated with AI adoption. Some observations are nevertheless grounded in existing research and operational experience, while others represent forward-looking hypotheses intended to stimulate discussion.

The objective is not to predict specific outcomes, but to explore how AI may alter the relationship between cognition, decision-making, organizational resilience, and governance over the coming decade. Readers should therefore distinguish between current observations, emerging trends, and my - from time to time, speculative projections.

Preparing for past wars

Military history is full of examples of leaders who prepared brilliantly for the previous war. They built stronger fortifications, better logistics, more efficient versions of the weapons they already understood - and then they lost, because the battlefield itself changed...

The textbook example is the Ligne Maginot: a massive, carefully engineered system designed to protect France from Germany or Italy, and then bypassed with almost insulting simplicity. Not destroyed. Not overwhelmed. Simply rendered irrelevant by a shift in how the conflict actually unfolded.

I grew up near the Maginot Line, and in Swiss history classes the topic came back with almost ritual consistency. Every year, at least once. Sometimes more. At some point you stop learning the historical fact and start absorbing the underlying pattern: intelligent systems, built with discipline and resources, optimized for a version of reality that no longer exists by the time they are deployed.

At the time, this feels like history. Something safely contained. Almost academic.

It isn’t.

Because once you start paying attention, this pattern stops being exceptional and starts looking like a default failure mode of complex systems. Not just in military history, but in economics, in institutions, in corporate strategy, and in technology adoption cycles that consistently underestimate the shift in what actually changes.

And the uncomfortable part is that this pattern is not staying in history books. It is showing up again: in how organizations are responding to AI.

The Internet Taught Us the Wrong Lessons

Not because the lessons were wrong, learned the hard way or because they came too late, but because they were incomplete.

The Internet era taught organizations to protect digital assets: systems, networks, and data. This was rational. The threat landscape justified it. The conceptual center of gravity became what is often summarized as the CIA triad: confidentiality, integrity, and availability.

From there, an entire industry evolved: firewalls, intrusion detection systems, endpoint protection, SOCs, compliance frameworks like ISO 27001, certifications like CISSP, and later “zero trust” architectures. Different names, same conceptual core: protect information flow, control access, reduce exposure.

And this is where the first structural mistake sits, not in execution, but in assumption...

Because even at scale, this model treats security as something that happens around systems. A perimeter problem. A data problem. A control problem.

Which is not wrong. But it is not sufficient.

Even today, most organizations still operate inside this model. They defend systems. They defend data. They defend access paths. And they invest heavily in doing so, often under the assumption that enough refinement of the same paradigm will eventually converge toward adequacy.

But attackers never operated inside those conceptual boundaries in the first place. And now the same model is being extended, almost reflexively, to AI...

Governance committees are formed. Acceptable-use policies are written. AI security controls are defined. Compliance frameworks are extended. Entire consulting ecosystems are emerging around the idea that AI is fundamentally another technology stack that needs to be secured.

All of this is reasonable. And all of it is insufficient.

It resembles early Internet-era thinking, when organizations debated whether employees should have web browsers, whether email should be allowed, or how to block certain websites.

Those questions were not irrelevant. They were simply not the strategic transformation.

The Internet did not primarily change communication channels. It changed economies, distribution, coordination, and the structure of entire industries. Network security mattered, but it was never the main event...

We are at risk of repeating the same category error.

AI Is Not a Data Problem. It Is a Decision Problem.

The dominant assumption in many organizations is still that AI is another technology layer that must be secured, governed, and controlled in a traditional sense.

That assumption is the modern equivalent of preparing for the last war.

AI certainly changes how information is produced, distributed, and consumed. But from a strategic perspective, the more important shift may be elsewhere: AI increasingly changes how decisions are formed, validated, and executed.

This observation is not entirely new. Organizational theorists such as Herbert Simon argued decades ago that organizations fundamentally exist to make decisions under conditions of bounded rationality. From that perspective, technologies that alter how decisions are formed may ultimately have greater strategic significance than technologies that merely alter information access.

Where the Internet expanded access to information, AI expands delegation of interpretation. Where traditional software supported structured workflows, AI increasingly enters the domain of judgment itself... Sometimes explicitly, sometimes quietly embedded into tools and processes where it is no longer visible as a separate layer.

This shifts the center of gravity in a very simple way:

Internet AI
Connects systems Connects judgment to action
Moves information Produces interpretations
Expands communication Expands cognition
Increases access Increases delegation
Creates digital dependency Creates cognitive dependency

In summary, the Internet expanded what organizations could know, while AI expands the range of decisions that can be supported, informed, or executed with progressively less human involvement. And once you see it this way, much of the current discourse starts to feel slightly misaligned.

Not wrong. Just operating at the wrong layer.

Because the real question is no longer how information is protected or transmitted. It is how decision-making capacity is distributed, substituted, and slowly externalized out of the organization.

The New Asset Nobody Is Protecting

Organizations have always protected tangible and digital assets: infrastructure, intellectual property, systems, data. Entire industries exist around ensuring these remain secure and operational.

But AI introduces something that does not fit into that model cleanly.

It introduces cognition as an operational dependency. This includes expertise, judgment, situational awareness, domain competence, and increasingly even decision execution itself. Not as augmentation, but as substitution of interpretive layers that were previously assumed to require human continuity.

This is what I refer to as cognitive infrastructure. Similar ideas have appeared under labels such as organizational cognition, distributed cognition, and knowledge-based views of the firm. What appears new in the AI era is the increasing possibility that parts of this cognitive infrastructure become externalized into systems operating outside the organization itself.

By cognitive infrastructure, I do not mean intelligence in the abstract... I mean the collection of expertise, judgment, situational awareness, institutional memory, and decision-making capability required for an organization to understand its environment and act effectively within it. Historically, most of this infrastructure resided in people and the organizational structures built around them. AI makes parts of it externalizable. However, most organizations do not yet treat it as infrastructure.

A simple analogy makes this visible: Organizations invest heavily in redundancy for electricity, connectivity, and physical systems. Backup generators are standard. Disaster recovery is standard. Redundancy planning is standard. But there is no equivalent thinking for cognition. No serious model of “backup decision-making capacity” in the sense of preserving internal understanding when external systems fail, degrade, or change behavior. And yet cognition is arguably more central than any single system dependency. Because losing systems is recoverable. Losing understanding is not.

This becomes visible in a few very concrete ways.

1. Loss of core cognitive competence

There is an obvious appeal in delegating cognitive work to AI systems. Writing, coding, analysis, reporting, planning... Tasks that once required trained competence can now be partially externalized. This is almost always framed as productivity. Sometimes it is. But structurally, it also changes how competence is maintained inside organizations. Because competence is not output. It is the ability to understand, validate, correct, and improve outputs over time.

When that loop is continuously externalized, internal mastery becomes less necessary to maintain. Not immediately, not visibly, but structurally.

We have seen this pattern before... With large-scale IT outsourcing, organizations reduced internal capabilities under the assumption that external providers would handle operational complexity. The intent was rational: reduce cost, increase efficiency, focus on core competencies. And to be fair, most consulting frameworks did include an important caveat: retain enough internal expertise to govern external providers effectively. The “intelligent customer” concept was not an afterthought.

But in practice, that layer was often the first to disappear. And then ransomware happened...

In several ransomware engagements I was involved with, the technical challenge was not restoring systems. The harder challenge was reconstructing organizational understanding. Companies could recover servers, databases, and backups. What they had lost was the internal knowledge required to determine which systems mattered, in what order they had to be restored, and how those systems actually supported business operations.

At that point, ransomware stops being a technical incident and becomes something closer to an organizational cognition failure. AI does not replicate ransomware. But it rhymes with the same structural weakness: loss of internal understanding of systems that are still essential for survival...

Only this time, it is not infrastructure knowledge being externalized.

It is decision-making itself.

2. Loss of cognitive independence

A second-order effect is dependency.

Once cognitive capabilities are externalized into AI systems, they become subject to external constraints: pricing models, availability, usage policies, model updates, and platform decisions that are not under organizational control. Individually, none of this is unusual. All software ecosystems involve dependencies. But cognitive dependency behaves differently because it affects continuity of thinking capacity inside the organization.

As integration deepens, replacing systems becomes less about migration and more about reconstructing how the organization thinks.

This is often described as vendor lock-in. But that framing is still too shallow. What is actually being locked in is not just tooling. It is decision architecture.

This concern parallels emerging discussions around digital sovereignty and strategic autonomy, particularly in Europe, where dependence on external digital infrastructure is increasingly viewed as a strategic rather than purely technical issue.

And once decision architecture becomes externalized, autonomy becomes conditional. Not just technically, but cognitively...

Most executives intuitively understand the risk of losing a key engineer, scientist, or architect whose expertise is deeply embedded in critical products or processes. AI introduces a similar dependency, except the expertise may reside outside the organization entirely. The difference is not merely ownership. It is that the terms under which the capability operates can change without negotiation.

3. Dealing with synthetic realities

A third issue emerges at the level of validation.

As generative systems improve, synthetic outputs become increasingly indistinguishable from real artifacts: text, images, video, code, reports, forecasts, and structured data. At that point, the problem is no longer whether humans can distinguish real from fake in isolated cases. The problem becomes whether organizations can still maintain a stable internal model of reality at scale; in simpler terms, the operational picture of reality...

The strategic risk is not that AI generates fake images. The strategic risk is that organizations increasingly make decisions based on artifacts whose provenance, validation path, and factual reliability become progressively harder to establish.

This goes far beyond deepfakes or media manipulation. It extends into operational domains:

  • financial reporting
  • engineering documentation
  • security assessments
  • legal and contractual artifacts
  • internal analytics and forecasting

Organizations already operate on distributed trust. No executive validates every input directly. They rely on layered structures of interpretation and validation.

Because outputs can be plausible without being correct, and because errors can propagate silently across systems, the risk is not obvious misinformation. It is epistemic drift: gradual divergence between perceived system state and actual system state.

Researchers in information warfare, cognitive security, and epistemology have long observed that strategic influence often operates not by denying information but by altering the interpretive frameworks through which information is understood.

And as AI systems begin interacting with other AI systems, through APIs, automation pipelines, and agentic workflows, etc., the verification chain becomes even more opaque.

In some cases, there may be no human in the loop at all... At that point, the question quietly changes: Not “is this correct?”

But whether correctness is still something the organization can reliably reconstruct afterward.

Accountability issues

A direct consequence of cognitive delegation is accountability fragmentation, as traditional organizational models assume traceable responsibility: decisions can be mapped back to identifiable actors. Human-AI systems break this assumption...

When outcomes emerge from combinations of human input, model behavior, system integration, and automated execution, responsibility becomes distributed across layers that do not map cleanly onto existing structures. Organizations sometimes respond by assigning oversight responsibility to individuals. But this often produces an asymmetry that is rarely acknowledged: humans become accountable for systems they cannot fully observe, predict, or control.

Imagine a pricing decision generated by an AI system, approved by a manager, implemented automatically through software, and later found to have violated contractual obligations. Which component failed? The model? The integration? The manager? The governance process? In practice, accountability becomes increasingly difficult to assign because the outcome emerged from the interaction of multiple actors rather than a single decision maker.

This is not a legal edge case. It is an operational instability in how modern organizations assign responsibility in hybrid systems.

Understanding Synthetic Cognition

The common thread across all of this is not technology. It is cognition.

AI is not just another layer in the technology stack. It introduces synthetic cognition into organizational systems: the production of interpretation, reasoning, and decision support as an operational substrate. This is historically unusual.

Previous technological waves expanded communication, computation, energy, or transportation. They changed scale and efficiency. But they did not directly externalize cognition itself.

AI is arguably the first broadly adopted technology whose primary value proposition is the externalization of cognitive interpretation and judgment itself rather than communication, transportation, computation, or mechanical effort. And that is why treating it as a natural extension of cybersecurity, IT governance, or compliance frameworks feels increasingly insufficient. Not because those frameworks are wrong. But because they operate at a different layer of reality...

Which brings us back to the Maginot Line. It was not defeated because it was badly built. It was defeated because it was built for the wrong war.

For centuries, organizations scaled primarily through people, process, communication, and automation. AI introduces a fifth scaling mechanism: synthetic cognition. And once cognition becomes partially externalized, the risk landscape stops behaving like a set of (independent) technical problems. It becomes structural.

And the question is no longer whether individual systems are safe or aligned in isolation. The question becomes what happens when organizational cognition itself is distributed across human and synthetic systems that evolve at different speeds, obey different constraints, and degrade in different ways. From here, several risk trajectories emerge, each reinforcing the others...

The first is the gradual erosion of internal competence. The second is epistemic instability, where synthetic outputs become indistinguishable from validated reality. The third is the erosion of cognitive independence as decision structures become embedded in external systems.

And underneath these sits something more speculative, but increasingly difficult to ignore: the possibility that AI systems begin interacting primarily with other AI systems, reducing human participation to oversight of processes they no longer fully understand. At that point, the system is no longer merely augmented cognition. It becomes distributed cognition with diminishing human interpretability.

The risks discussed so far are largely internal. They concern what happens when organizations externalize cognition and become dependent on synthetic capabilities. The next question is what happens when these systems begin interacting at scale, not only with humans, but with each other. That is where the discussion shifts from cognitive infrastructure to cognitive conflict.

To be continued...